Fury and frustration over Target data breach

Potential victims of credit card fraud tied to Target's security breach said they had trouble contacting the discounter through its website and call centers.

NEW YORK » Potential victims of credit card fraud tied to Target's security breach said they had trouble contacting the discounter through its website and call centers.

Angry Target customers expressed their displeasure in comments on the company's Facebook page. Some even threatened to stop shopping at the store. Target apologized on Facebook and said it's working hard to resolve the problem and is adding more workers to field calls and help solve website issues.

The fury and frustration come as the nation's second-largest discounter acknowledged Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.

The theft is the second-largest credit card breach in U.S. history, exceeded only by a scam that began in 2005 involving retailer TJX Cos. That incident affected at least 45.7 million card users.

Target disclosed the theft a day after reports that the company was investigating a breach. The retailer's data-security troubles and its ensuing public relations nightmare threaten to drive off holiday shoppers during the company's busiest time of year.

Christopher Browning, of Chesterfield, Va., said he was the victim of credit card fraud earlier this week and believes it was tied to a purchase he made at Target with his Visa card on Black Friday. When he called Visa on Thursday, the card issuer could not confirm his suspicions. He said he hasn't been able to get through to Target's call center.

On Monday, Browning received a call from his bank's anti-fraud unit saying there were two attempts to use his credit card in California — one at a casino in Tracey, Calif., for $8,000 and the other at a casino in Pacheco, for $3,000. Both occurred on Sunday and both were denied. He canceled his credit card and plans to use cash.

"I won't shop at Target again until the people behind this theft are caught or the reasons for the breach are identified and fixed," he said.

Customers who made purchases by swiping their cards at its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed. The stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said.

There was no indication the three- or four-digit security numbers visible on the back of the card were affected, Target said. The data breach did not affect online purchases, the company said.

Eric Hausman, a Target spokesman, said the company is engaged in "an ongoing investigation."

Target hasn't disclosed exactly how the breach occurred but said it has fixed the problem.

Given the millions of dollars that companies such as Target spend implementing credit-card security measures each year, Avivah Litan, a security analyst with Gartner Research said she believes the theft may have been an inside job.

"The fact this breach can happen with all of their security in place is really alarming," Litan said.

Other experts theorize that Target's network was hacked and infiltrated from the outside.

Whatever the case, Jason Oxman, CEO of the Electronics Transaction Association, which represents the payments technology industry, said data breaches like Target's are generally "heavily organized and sophisticated."

Annual losses from global credit and debit card fraud are on the rise. Last year, it reached $11.27 billion, up 11.4 percent from the previous year, according to The Nilson Report, which tracks global payments. Even so, Nilson's publisher David Robertson pointed out that fraud still accounts for less than 6 cents of every $100 spent.

Target, which has almost 1,800 stores in the U.S. and 124 in Canada, said it immediately told authorities and financial institutions once it became aware of the breach on Dec. 15. The company is teaming with a third-party forensics firm to investigate and prevent future problems.

The credit card breach poses a serious problem and threatens to scare away shoppers who worry about the safety of their personal data.

Target's stock dropped more than 2 percent, or $1.40, to $62.15 on Thursday.

"This is close to the worst time to have it happen," said Jeremy Robinson-Leon, a principal at Group Gordon, a corporate and crisis public relations firm. "If I am a Target customer, I think I would be much more likely to go to a competitor over the next few days, rather than risk the potential to have my information be compromised."

Target advised customers Thursday to check their statements carefully. Those who see suspicious charges should report them to their credit card companies and call Target at 866-852-8680. Cases of identity theft can also be reported to law enforcement or the Federal Trade Commission.

"Target's first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence," Chairman, President and CEO Gregg Steinhafel said Thursday in a statement.

Brianna Byrnes of Kansas City, Mo., a student at the University of Missouri-Kansas City and a call center worker, said she made a Target purchase during the affected period. The situation made her "a little bit" nervous, but she still plans to shop for toys at the store, she said.

"I've never had anyone steal my identity. I guess it's taking a risk."

The incident is particularly troublesome for Target because it has used its store-branded credit and debit cards as a marketing tool to attract shoppers with a 5 percent discount.

During an earnings call in November, the company said some 20 percent of store customers as of October have the Target-branded cards. In fact, households that activate a Target-branded card have increased their spending at the store by about 50 percent on average, the company said.

"This is how Target is getting more customers in the stores," said Brian Sozzi, CEO and Chief Equities Strategist. "It's telling people to use the card. It's been a big win. If they lose that trust, that person goes to Wal-Mart."

TJX Cos., which runs stores such as T.J. Maxx and Marshall's, had a breach that began in July 2005 and exposed at least 45.7 million credit and debit cards to possible fraud. The breach was not detected until December 2006.

Without anyone noticing, one or more intruders installed code on the discount retailer's systems to methodically collect and transmit account data from millions of cards.

In 2009, TJX agreed to pay $9.75 million in a settlement with multiple states.

Litan doubts the breach will have much effect on Target's sales, noting that TJX launched sales promotions immediately following the news of its breach. The effort increased sales.

"People care more about discounts than security," Litan said.

Associated Press writers Michelle Chapman in New York and Heather Hollingsworth in Kansas City, Mo., contributed to this report.

By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.

Leave a comment

Name:

Comment:

Please login to leave a comment.

Maneki_Nekowrote:

The scary thing is that Target did not even now what was going on from November 27 to December 15. Asleep at the IT switch.

on December 20,2013 | 06:53AM

Name:

Comment:

eoewrote:

That's impossible. The market is infallible.

on December 20,2013 | 07:19AM

Name:

Comment:

whatwrote:

Correct. Target will lose a lot of business over this, and they WILL fix it fast and to the public's satisfaction if they want to survive. Unlike a government bureaucracy, where nobody would get fired, the problem may not get fixed expeditiously, or not fixed well at all, and the people would be stuck with eternal incompetence and ineptitude.

on December 20,2013 | 10:02AM

Name:

Comment:

eoewrote:

Really? Like they fixed it for the prior three weeks?

on December 20,2013 | 11:02AM

Name:

Comment:

whatwrote:

Target will fix this to the public's satisfaction or they will not survive. The consequences are real. On the other hand, Obama will end up blowing billions upon billions of taxpayer money on a broken web site that even Target could have gotten right.

on December 20,2013 | 11:15AM

Name:

Comment:

eoewrote:

Seems like the site is generally already working. But you are right - Obama, instead of going with a socialized single payer system, created a complicated patchwork of federal and state "marketplaces" to cater to the bankrupt ideology of the right wing. These decentralized marketplaces then needed to be funded and yes, it will cost billions. You might be surprised that socialism works the same way as the ideal capitalist markets do - when one player captures the entire market (socialism:government; capitalism: monopoly) things run more efficiently.

on December 20,2013 | 11:39AM

Name:

Comment:

eoewrote:

I thought the private sector was infallible? You mean the third biggest retailer in the country, a vaunted titan of capitalism, with 15 years of e-commerce experience, lost 40 million credit cards and then couldn't keep up with call volume? I assume the republicans will be calling for a congressional investigation and fox will be running wall-to-wall coverage of this for the next six months right?

on December 20,2013 | 06:59AM

Name:

Comment:

NanakuliBosswrote:

Some how they will blame the Big O.

on December 20,2013 | 07:14AM

Name:

Comment:

whatwrote:

No no, it's Bush's fault. And Lingle too.

on December 20,2013 | 09:52AM

Name:

Comment:

HonoluluHawaiiwrote:

bama?

on December 20,2013 | 10:31AM

Name:

Comment:

retirewrote:

It appears the management is just as incompetent as the employees.

on December 20,2013 | 08:01AM

Name:

Comment:

GooglyMooglywrote:

This had nothing to do with their e-commerce site. Ironically, those who bought from target.com weren't exposed.

on December 20,2013 | 08:26AM

Name:

Comment:

Matsuwrote:

EOE- Nobody has ever said that the private sector is infallable. They make mistakes, but when they do, they have to pay for those mistakes, and people lose their jobs. There is "accountability" in the private sector. Go ahead EOE sign up for Obamacare and provide them with ALL your personal information. If hackers gain access, who do you think will be accountable? You can't sue the Feds. Good luck with that.

on December 20,2013 | 11:13AM

Name:

Comment:

toad103410wrote:

Matsu, you make a good and valid point.

on December 20,2013 | 11:33AM

Name:

Comment:

eoewrote:

The feds already have all your information. You know that thingy you file every 15 April? You know ... the one with your social security number on it, and all your income and personal information? I don't recall the last time I heard about 40 million tax returns being stolen.

on December 20,2013 | 11:42AM

Name:

Comment:

eoewrote:

Probably the government is covering it up, like benghazi and vince foster.

on December 20,2013 | 12:00PM

Name:

Comment:

HonoluluHawaiiwrote:

What goes around comes around. Any business that appears to be cutting corners, ARE cutting corners and sooner or later the other shoe will drop. We have many stores to go to, including Wal-Mart, K-Mart, etc. In Hawaii back in the day we had Wigwam lol.

on December 20,2013 | 10:30AM

Name:

Comment:

Morimotowrote:

And exactly how is Target cutting corners compared to similar companies like WalMart or K-Mart? Can you give me one example that you have proof of, not just anecdotal observation? No? Didn't think so. Very ignorant comment.

on December 20,2013 | 11:25AM

Name:

Comment:

Mahalowrote:

People love target and will continue to shop they will flap their lips but guarantee... just like in Kailua witch and complain and protest but as soon as Target opens those same people will enjoy the deals